nsinnovations/erpnext
2
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-05-26 00:14:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20331 from 0Pranav/version-12

Browse Source 
fix: imporer escaping
This commit is contained in:
sahil28297
2020-01-16 17:51:32 +05:30
committed by GitHub
parent 0ef799dff8 73dff8993a
commit d5676a87a8
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
erpnext/setup/doctype/authorization_control/authorization_control.py
View File

@@ -76,7 +76,7 @@ class AuthorizationControl(TransactionBase):
add_cond = '' add_cond = ''
auth_value = av_dis auth_value = av_dis
if val == 1: add_cond += " and system_user = '"+ frappe.db.escape(session['user']) +"'" if val == 1: add_cond += " and system_user = {0}".format(frappe.db.escape(session['user']))
elif val == 2: add_cond += " and system_role IN %s" % ("('"+"','".join(frappe.get_roles())+"')") elif val == 2: add_cond += " and system_role IN %s" % ("('"+"','".join(frappe.get_roles())+"')")
else: add_cond += " and ifnull(system_user,'') = '' and ifnull(system_role,'') = ''" else: add_cond += " and ifnull(system_user,'') = '' and ifnull(system_role,'') = ''"
@@ -85,7 +85,7 @@ class AuthorizationControl(TransactionBase):
if doc_obj: if doc_obj:
if doc_obj.doctype == 'Sales Invoice': customer = doc_obj.customer if doc_obj.doctype == 'Sales Invoice': customer = doc_obj.customer
else: customer = doc_obj.customer_name else: customer = doc_obj.customer_name
add_cond = " and master_name = '"+ frappe.db.escape(customer) +"'" add_cond = " and master_name = {0}".format(frappe.db.escape(customer))
if based_on == 'Itemwise Discount': if based_on == 'Itemwise Discount':
if doc_obj: if doc_obj:
for t in doc_obj.get("items"): for t in doc_obj.get("items"):